Cybersecurity & Networking

  • 3 Ways COVID-19 Is Changing CISO Priorities

    According to ESG research, 62% of organizations were poised to increase spending on cybersecurity in 2020. Thirty-two percent of survey respondents said they would invest in cybersecurity technologies using AI/ML for threat detection, followed by data security (31%), network security (30%), and cloud application security (27%).


    Of course, that was back in the innocent and carefree days before COVID-19. Have things changed? Yes, and seemingly overnight. Like society at large, the cybersecurity world’s priorities, strategies, and tasks have been turned upside down.

    I reached out to some CISOs and industry beacons this week to get their account of what’s happening. My first observation is it’s difficult to get CISOs on the phone right now as they are heads down trying to secure the new reality. But I did manage to get a few on the line; here’s a synopsis of what they said:

    1. Big projects have been postponed indefinitely. Large organizations tend to have a few cybersecurity projects that require engineering, piloting, and cooperation with IT operations. Think of things like reengineering the security data pipeline, data discovery/classification/security across the enterprise, or IAM initiatives like identity federation. With everyone working remotely, these projects have been tabled for now—even if they were already progressing.
    2. It’s all about securing remote users. This one is obvious, but it’s also the reason why CISOs are so busy. The mandate from executives was to get employees up and running first and then address security afterward. CISOs have been fighting “bolt on” security cycles like this for years, but the virus has forced security teams to work uphill to catch up. This means on-the-fly risk assessments, controls adjustments, and lots of work in tandem with IT and network operations teams.
    3. An immediate search for “quick wins.” CISOs are finding and patching holes as quickly as they can. In some cases, this means they are starting from scratch as they quickly ramp up product research, purchasing cycles, testing, piloting, and deployment. Despite this workflow, CISOs are looking for tools that can be easily installed and configured to mitigate new risks. 

    Budgets haven’t been cut yet and CISOs really don’t have time right now to deal with paper pushing. Rather, security teams are grabbing money as they can to address the new reality. Some of the emergency purchasing needs include:

    • Endpoint security controls. There are two priorities here: providing network access and blocking malware. This equates to VPN clients and antivirus software—especially for employees sharing their systems with family members. Some are also looking at asset and operations management tools (a la Tanium) to turn unmanaged home PCs into managed short-term corporate assets.
    • Mobile device security. This was on the to-do list at the beginning of the year. Now that executives, high-value employees, and privileged account managers are working from home, mobile device security efforts have become a high priority.
    • Network security. CISOs are defaulting to VPNs to deal with a work from home population that grew from 20% to greater than 80% of employees in a matter of weeks. In some cases, basic VPN access has superseded more thorough zero-trust access projects that require time and planning for things like policy management. VPN growth is accompanied by the need for more firewall and other gateway appliances. Finally, I’m seeing increasing interest in secure DNS services, which is also perceived as a quick win.
    • Simple multi-factor authentication (MFA). Organizations that have success with MFA in small pockets are expanding these efforts as high-value employees migrate from office cubicles to their home offices. Again, the goal is to bolster security first and then fine-tune policies over time.

    Some final observations:

    • The degree of cooperation between security and IT/network operations is unprecedented, with lots of things happening simultaneously.
    • CISOs aren’t doing a lot of shopping. Rather they are working with trusted partners to get things done quickly. This will impact startups.
    • CISOs have asked their staff to do what they can to increase end-user monitoring. They are also working with HR on “crash course” security awareness training. Those that have synthetic phishing tools have increased activity here as well.
    • Data security remains a big issue as there aren’t really any quick fixes. This is one of the reasons for increased end-user monitoring. 
    • Before COVID-19, many organizations did not configure endpoint security tools in the maximum protection setting for fear of disrupting users with false positives or reduced performance. Some of the CISOs I talked with have mandated a change in this policy, reconfiguring endpoint security tools for maximum protection everywhere.
    • CISOs are asking trusted vendors for help. In some cases, they are discovering security product capabilities and free features and services they were unaware of. Who knew?
  • With ransomware a top security concern for most cybersecurity teams, the cost of cybersecurity insurance is making its way into the annual budgeting process for CFOs around the globe. While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with high-profile attacks, research conducted by ESG reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership.[1]

    The research further revealed the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.

    The ransomware economy stretches well beyond the cryptocurrency that attackers are extorting from both companies and the public sector. Cybersecurity insurance is growing at an equally disturbing pace, along with the many ransomware-targeted security controls that endpoint and data protection vendors are bringing to market to help organizations protect themselves from attacks. Further contributing to this economy are the outside incident response vendors and legal practices that are helping companies understand and recover from successful ransomware attacks.

    I’m a big analogies guy, so I’ll liken this to the use of radar in the automotive industry: As vendors equipped law enforcement with speed-measuring radar guns, it spawned an opportunity for the sales of radar detectors to alert drivers to “speed-traps.” As radar was further used in additional applications including automatic door openers, collision detection systems, and more, new advances were required to filter out the noise, further fueling the economy built around the radar industry.

    Ransomware is following a similar pattern: Software developers are building and selling ransomware to criminals. Criminals are using the ransomware to extort funds from organizations of all types. Cybersecurity insurance companies are selling insurance policies to protect against attacks. Cybersecurity software companies are building and licensing software to protect against attacks. Data loss protection (DLP) vendors are building and selling specialized solutions to enable data to be safeguarded and restored in the event of ransomware attacks. Incident response companies are helping victims understand and recover from attacks.

    With all the positive focus on helping organizations protect against and recover from attacks, ransomware and the economy surrounding it appear to be here to stay. ESG research tells us that this story is only getting worse, with 48% of companies investing in cybersecurity insurance policies, and nearly two-thirds (60%) of organizations experiencing a ransomware attack in 2019. While successful phishing attacks far outweigh successful ransomware attacks, most organizations say that ransomware presents a higher risk.

    To learn more about what organizations say about ransomware and how cybersecurity insurance is impacting the ransomware economy, download my free brief, Ransomware Still Rampant, Fueled by Insurance Companies.

    [1] Source: Enterprise Strategy Group Research Report, 2020 Technology Spending Intentions Survey, February 2020. All Enterprise Strategy Group research references in this blog post have been taken from this research report.

  • It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges. According to ESG research:

    • 35% of cybersecurity professionals say that the biggest challenge associated with managing an assortment of point tools is that it makes security operations complex and time consuming.
  • ESG conducted a comprehensive online survey of IT professionals at private- and public-sector organizations in North America (US and Canada) between December 9, 2019 and December 17, 2019. To qualify for this survey, respondents were required to be IT/information security professionals responsible for or familiar with their organization’s cybersecurity environment and strategy.

    The data in this master survey results set covers:

    • The cybersecurity technology landscape.
    • Perceptions of and requirements for enterprise-class cybersecurity vendors.
    • Enterprise-class cybersecurity platforms.
    • Security sentiment for cloud service providers.


  • In order to assess the network security landscape over the last 12-24 months, as well as what the priorities over the next 12-24 months are expected to be, ESG surveyed 265 IT security professionals representing enterprise-class (i.e., 1,000 employees or more) organizations in North America (United States and Canada). All respondents were personally responsible for evaluating, purchasing, and managing network security technology products and services.

    Survey participants represented a wide range of industries including manufacturing, financial, healthcare, and communications and media, among others.


  • Network Security Trends

    This Master Survey Results presentation focuses on the current state of network security, including current strategies and challenges, and how these are guiding the current and (expected) future usage of foundational network security technologies.

    Topics covered include:

    • Modern network security challenges.
    • The confusion around “zero trust.”
    • Top considerations for SDP and microsegmentation initiatives. 
    • The state of the DDoS prevention market.
    • Third-party deception tool adoption drivers.


  • RSA 2020: A Review

    RSA 2020 had an uninvited guest, COVID-19. Fist bumps replaced handshakes while hand sanitizing stations seemed ubiquitously stationed throughout the Moscone Center. Attendance seemed to be down due to factors like the virus panic and the withdrawal of major players like AT&T, IBM, and Verizon.

    While lots of people pulled back, the ESG team was in full attendance. Here are a few of our observations and thoughts on RSA 2020:


  • With RSA Conference 2020 now in the rearview mirror, my colleague John Grady and I discuss the theme of the conference in this video blog, the human element. After acknowledging the importance of community, we explore how the emergence of software-defined perimeters (SDP) will help secure a variety of user access use cases. We also discuss how the broad adoption of cloud services is necessitating a retooling of identity and access management programs from SSO to MFA, privileged access management, and user activity analytics. We wrap up noting how much we enjoyed seeing so much of our community at our annual Enterprise Strategy Group Breakfast at RSA Conference event.

    For additional coverage, see Jon Oltsik’s blog: RSA 2020: A Review.

  • Trends in Endpoint Security

    ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between September 23, 2019 and October 2, 2019. To qualify for this survey, respondents were required to be responsible for evaluating, purchasing, and managing endpoint security technology products and services.

    This Master Survey Results presentation focuses on modern endpoint security challenges, plans, and strategies to understand the drivers of endpoint security investments and how decision makers are prioritizing and timing purchase decisions.


  • While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with a number of high-profile attacks, research conducted by Enterprise Strategy Group reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership teams. The research further reveals the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.


  • Introducing Enterprise Strategy Group’s Modern Email Security Video Series

    As part of my ongoing research around modern email security, I am shooting a series of video interviews with leaders from several email security solution providers, talking about the current email threat landscape and strategies to defend against them. My goal is to make these educational, explaining what’s happening on both the attacker side and the defender side.

    I’ll be talking with a variety of industry experts from very small security companies to the largest of email security providers, covering specific defensive techniques to broad, cross-vector strategies that include email security. Most of these will be shot in our ESG Studios, but I may end up with a few shot on location in my travels.

    Leading off the series, I’m talking with DJ Sampath, founder of Armorblox Security. Armorblox has built a natural language understanding platform that can be used to help organizations fight business email compromise (BEC), among other email-related threats. DJ explains the challenges associated with stopping business email compromise, introduces natural language processing (NLP), and talks about how Armorblox has applied NLP to stop BEC attacks. We shot this one in two five-minute increments, so please enjoy the series. This is the first of many to come!!

    Part 1 with DJ Sampath from Armorblox

    Part 2 with DJ Sampath from Armorblox
  • As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past 9 years.
